There is an issue with DNS forwarding in WSL2 when using a VPN (see the GitHub issue). Plus there is an issue with Cisco AnyConnect. So here is a workaround for these problems. It should work for Ubuntu and Debian.
Workaround (new – automatic)
This solution is automatic and was created by EdwardCooke (see https://www.frakkingsweet.com/automatic-dns-configuration-with-wsl-and-anyconnect-client/). This is just the first part of his solution: updating resolv.conf when WSL starts.
1. Re-enable auto generation of resolv.conf (if it was disabled) by commenting out the lines that disable it:
sudo nano /etc/wsl.conf
#[network]
#generateResolvConf = false
2. Create the script:
sudo nano /bin/vpn-dns.sh
#!/bin/bash
echo "Getting current DNS servers, this takes a couple of seconds"
# Ask Windows for the DNS servers of the AnyConnect adapter first, then of every other adapter
/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe -Command '
  $ErrorActionPreference="SilentlyContinue"
  Get-NetAdapter -InterfaceDescription "Cisco AnyConnect*" | Get-DnsClientServerAddress | Select -ExpandProperty ServerAddresses
  Get-NetAdapter | ?{-not ($_.InterfaceDescription -like "Cisco AnyConnect*") } | Get-DnsClientServerAddress | Select -ExpandProperty ServerAddresses
' | \
# NF skips blank lines so that no empty "nameserver" entry is written
awk 'BEGIN { print "# Generated by vpn fix func on", strftime("%c"); print } NF { print "nameserver", $1 }' | \
# strip the Windows carriage returns before writing the file
tr -d '\r' > /etc/resolv.conf
clear
3. Make it executable and allow running it with sudo without a password:
sudo chmod +x /bin/vpn-dns.sh
echo "$(whoami) ALL=(ALL) NOPASSWD: /bin/vpn-dns.sh" | sudo tee /etc/sudoers.d/010-$(whoami)-vpn-dns
4. Make it run on WSL startup:
echo "/bin/vpn-dns.sh" | sudo tee /etc/profile.d/vpn-dns.sh
You can also run it manually:
sudo /bin/vpn-dns.sh
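The script above writes whatever PowerShell prints straight into resolv.conf. The following added example (not from the gist or from EdwardCooke's post) is a stricter variant of that awk step: it keeps only IPv4/IPv6 literals, strips the Windows carriage returns and drops duplicates, so a stray PowerShell message or blank line can never become a nameserver entry. The input lines are constructed sample output, not captured from a real adapter.

```shell
#!/bin/bash
# Added example (not from the gist): a stricter replacement for the awk step in
# vpn-dns.sh. Reads the address list that the PowerShell command prints on stdin
# and writes resolv.conf content on stdout, keeping only IPv4/IPv6 literals,
# stripping CRs and dropping duplicates.
build_resolv_conf() {
    printf '# Generated by vpn fix func on %s\n\n' "$(date)"
    tr -d '\r' | awk '
        # dotted-quad IPv4 literal
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { ok = 1 }
        # IPv6 literal: hex digits and colons, with at least one colon
        /^[0-9A-Fa-f:]+$/ && index($0, ":") > 0 { ok = 1 }
        # print each accepted address once
        ok && !seen[$0]++ { print "nameserver", $0 }
        { ok = 0 }
    '
}

# Constructed sample of what the PowerShell pipeline might print: CRLF line
# endings, a duplicate, an IPv6 entry, a blank line and a stray non-address line.
SAMPLE_INPUT=$(printf '10.1.2.3\r\n10.1.2.3\r\nfd00::53\r\n\r\nnot-an-address\r\n8.8.8.8\r\n')

# Render the sample; returns the resolv.conf text that would be written.
render_sample() {
    printf '%s\n' "$SAMPLE_INPUT" | build_resolv_conf
}

# In vpn-dns.sh the real pipeline would be:
#   powershell.exe -Command '...' | build_resolv_conf > /etc/resolv.conf
render_sample
```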
Workaround (old, manual)
1. Find out the nameserver with Windows PowerShell (during a VPN session):
nslookup
You'll get the IPv4 address of your corporate nameserver. Copy this address.
2. Disable resolv.conf generation in WSL:
sudo nano /etc/wsl.conf
Copy this text into the file (it disables resolv.conf generation when WSL starts up):
[network]
generateResolvConf = false
3. In WSL, add your corporate nameserver to resolv.conf:
sudo nano /etc/resolv.conf
Remove the other entries and add your corporate nameserver IP (if you have a secondary nameserver, add it on a separate line):
nameserver X.X.X.X
(where X.X.X.X is the address obtained in step 1)
4. Set your VPN adapter metric (if you have Cisco AnyConnect); open an admin PowerShell.
- Find out your VPN adapter name:
Get-NetIPInterface
(in my case: "Cisco AnyConnect")
- Set the adapter metric (replace the -Match value with your adapter name); in my case I have to run this after every reboot or VPN reconnect:
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
(What is the interface metric: it is used to determine the route; Windows uses the interface with the lowest metric.)
5. Restart WSL from PowerShell:
wsl.exe --shutdown
6. Test it; in WSL run:
wget google.com
If this command works, you are done.
In my case I get DNS issues when trying to reach internal resources via the browser (on Windows 10, e.g. the intranet), caused by the high metric value set in step 4 (which effectively disables the VPN route). So here is the workaround for the workaround:
- Check the default metric of the VPN interface in PowerShell (replace the -Match value with your interface name):
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Get-NetIPInterface
- When running into problems on Windows 10, restore the default value from an admin PowerShell (replace the value at the end with your default value):
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 1